luaossl icon indicating copy to clipboard operation
luaossl copied to clipboard

Published 20 hours ago verified publisher icon wahern

Support TLS False Start

Open daurnimator opened this issue 10 years ago • 2 comments

TLS False Start allows for less round trips to start an SSL connection http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#TLS_FALSE_START It's supported by all major browsers as long as ALPN is used.

On some openssl forks it is enabled by the option SSL_MODE_HANDSHAKE_CUTTHROUGH. But this doesn't seem to exist in the main openssl repo. I'm not sure if there's another name for it.

Interesting link: https://www.imperialviolet.org/2012/04/11/falsestart.html

daurnimator avatar Aug 05 '15 10:08 daurnimator

Now that false start has a proper RFC I've filed https://github.com/openssl/openssl/issues/1541

daurnimator avatar Sep 07 '16 02:09 daurnimator

On the cqueues side this will mean allowing writes before starttls has "finished". At the moment lso_prepsnd returns an error if so_starttls hasn't finished, I don't see why it should: this is something we could change now.

daurnimator avatar Dec 29 '16 00:12 daurnimator